IBM Security has announced new and upcoming capabilities for Cloud Pak for Security, including a first of its kind data security solution that allows companies to detect, respond to and protect against threats to their most sensitive data across hybrid cloud environments.
Designed to unify previously disconnected security technologies, IBM has expanded Cloud Pak for Security to include new data sources, integrations, and services that allow security operations teams to manage the full threat lifecycle from a single console.
With these upcoming capabilities, Cloud Pak for Security will include access to six threat intelligence feeds, 25 pre-built connections to IBM and third-party data sources, and 165 case management integrations – which are connected through advanced AI to prioritize threats, and automation playbooks to streamline response actions for security teams.
Cloud Pak for Security will become the first platform in the industry to connect data-level insights and user behavior analytics with threat detection, investigation and response.
Key inputs:
Coordinated Threat Response + Data Security: IBM has developed a new industry-first approach to provide security teams with visibility into data activity, compliance and risk, without needing to leave their primary response platform. The new built-in data security hub, scheduled for general availability in Q4, allows analysts to quickly gain context into where their sensitive data resides across hybrid cloud environments, as well as who has access to it, how it is used, and the best way to protect it.
Access to Industry Leading Threat Intelligence: Cloud Pak for Security is expanding its collection of threat intelligence, helping clients detect early warning signs of active threat campaigns impacting companies around the world. In addition to IBM’s X-Force Threat Intelligence Feed, the platform will provide pre-built integrations for five additional threat intelligence feeds from third-party sources, including AlienVault OTX, Cisco Threatgrid, MaxMind Geolocation, SANS Internet StormCenter and Virustotal scheduled for general availability in Q4, and additional threat feeds expected to be added in 2021.
Dedicated Services and Support: With Cloud Pak, IBM experts can help clients deploy and manage Cloud Pak for Security across any environment, including end-to-end threat management, managed security services, as well as strategy, consulting and integration support.
Justin Youngblood, Vice President, IBM Security. “Cloud Pak for Security is built on open, cloud native technologies from the ground up to connect any tool within the security ecosystem. With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity, helping organizations to modernize their security operations and create the foundation for a zero trust security strategy.”
Open Connections Across the Security Ecosystem
Cloud Pak for Security leverages open technologies to create an interoperable foundation and deeper connections between the IBM and third-party tools. For instance, the platform uses STIX-Shifter, an open-source library that allows security analysts to search for threat indicators across all connected data sources with a single query. Additionally, Cloud Pak for Security is built on Red Hat OpenShift, providing an open, containerized foundation that can be easily deployed across on-premise, public and private cloud environments.
This open approach allows Cloud Pak for Security to be more than simply a collection of security capabilities, but rather a platform to fully integrate security processes across tools and clouds. The platform uses advanced AI, analytics and automation to streamline the full lifecycle of threat management – including native capabilities for Security Information and Event Monitoring (SIEM), Threat Intelligence, User Behavior Analytics, Data Security and Security Orchestration Automation and Response. These capabilities are delivered through a single, unified user interface that connects the entire threat management process via end-to-end workflows, from detection through response.
Unified Product and Services Approach
Cloud Pak for Security’s open framework makes it an ideal solution for collaboration between security teams and external service providers that augment companies’ security skills and expertise. This also supports multi-tenancy, enabling service providers to leverage a single instance of the platform to serve multiple companies and sub-organizations while keeping their data isolated.
(Image courtesy: www.blogs.perficient.com)